The Curated Daily

Your Health Data Sold? US Healthcare Marketplaces & Ad Tech Giants

Discover how US healthcare marketplaces shared sensitive citizenship & race data with ad tech companies, raising privacy and financial security concerns. Learn what it means for you.

By the editors · Monday, May 4, 2026 · 6 min read

The promise of the Affordable Care Act (ACA) marketplaces was greater access to health insurance. But a recent investigation reveals a darker side: the sharing of incredibly sensitive personal information – including citizenship status and race/ethnicity – with advertising technology (ad tech) companies. This isn’t about targeted ads for allergy medication; it’s about potentially compromising your financial security and privacy in ways you likely never imagined. This article will delve into the details of this data sharing, its implications, and what you can do to protect yourself.

The Data Leak: What Happened?

An investigation by Stat News revealed that healthcare.gov, the federal health insurance marketplace, and several state-run marketplaces were using tracking code from advertising giants like Google, Facebook (Meta), and others. This isn’t unusual in itself. Many websites use these tools to analyze traffic and optimize their sites.

The problem is not that the marketplaces used the code, but what data was being sent along with the website traffic information. The tracking code wasn’t just collecting anonymous data. It was capturing detailed personal information provided during the application process, including:

  • Citizenship Status: Whether an applicant was a U.S. citizen.
  • Race & Ethnicity: Information collected for demographic reporting.
  • Income: A crucial factor in determining eligibility for subsidies.
  • Application Status: Whether an application was submitted, approved, or denied.
  • Other Personally Identifiable Information (PII): Though specifics vary, potential details went beyond these core fields.

This data was then accessible to the ad tech companies, who could use it for various purposes, including building detailed profiles of individuals.

Why is this a Problem? The Financial & Privacy Risks

Sharing data this sensitive isn’t just a privacy violation; it carries significant financial and security risks. Here's a breakdown:

  • Targeted Scams: Knowing someone is applying for health insurance, and potentially qualifies for subsidies, makes them a prime target for scams. Fraudsters could pose as insurance representatives to steal identities or financial information.
  • Discriminatory Practices: While illegal, data about race and citizenship could be misused for discriminatory targeting in other areas, such as housing or employment. Ad tech's complex algorithms often amplify existing biases.
  • Price Discrimination: Though less direct, detailed financial information could potentially be used to influence pricing in other services. Imagine being shown higher prices for financial products because an algorithm determined you were likely to qualify for government assistance.
  • Data Breaches & Security Risks: The more places your data exists, the more vulnerable it is to breaches. Ad tech companies are not subject to the same strict regulations as healthcare providers (HIPAA – see below), increasing the risk of unauthorized access.
  • Erosion of Trust: The entire foundation of healthcare relies on trust. This kind of data sharing erodes that trust and makes people less likely to seek necessary care.

The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to protect sensitive patient health information. However, the situation is complex.

HIPAA primarily applies to "covered entities" – healthcare providers, health plans, and healthcare clearinghouses – and their "business associates." The marketplaces themselves argued they weren’t directly covered entities in the same way a hospital is. They claimed the data sharing was for “operational purposes” like understanding website traffic and improving the user experience, and didn’t violate HIPAA.

This is a controversial interpretation. Critics argue the marketplaces should be held to a higher standard, especially given the sensitivity of the data involved. Several legal experts suggest the sharing, at the very least, raises serious ethical concerns and potential violations of state privacy laws.

Several lawsuits have already been filed, challenging the legality of the data sharing practices. The outcome of these suits could significantly impact the future of data privacy in the healthcare sector.

What Did the Marketplaces Say?

Facing intense scrutiny, the Centers for Medicare & Medicaid Services (CMS), which runs healthcare.gov, acknowledged the data sharing and removed the tracking code in question. State-run marketplaces followed suit.

CMS stated that the data sharing was unintentional and that they were taking steps to prevent it from happening again. They emphasized they did not authorize the sharing of sensitive data and were working with their contractors to ensure compliance with privacy regulations. However, the damage may already be done, and the incident has sparked a wider debate about data privacy in the digital age.

Protecting Yourself: What Can You Do?

While you can't completely eliminate the risk of data breaches, you can take steps to mitigate it and protect your financial security:

  • Use a VPN: A Virtual Private Network (VPN) encrypts your internet traffic, making it harder for trackers to identify and collect your data. offers a robust VPN service with strong security features.
  • Privacy-Focused Browser: Consider using a browser like Brave or Firefox Focus, which block trackers and prioritize privacy.
  • Privacy Extensions: Browser extensions like Privacy Badger and uBlock Origin can block tracking scripts and protect your data.
  • Review Privacy Policies: While lengthy and often complex, reviewing the privacy policies of websites you use can give you a better understanding of how your data is collected and used.
  • Be Wary of Phishing Scams: Be extra cautious about emails or phone calls asking for personal information, especially related to your health insurance.
  • Monitor Your Credit Report: Regularly check your credit report for any signs of fraudulent activity. You’re entitled to a free credit report from each of the three major credit bureaus (Equifax, Experian, TransUnion) annually.
  • Consider a Privacy-Focused Family Locator (with caution): While seemingly unrelated, some family locator apps collect significant data. Choose carefully, and review their privacy policies. is one option, but be mindful of its data collection practices.
  • Opt-Out of Data Broker Sites: Data brokers collect and sell personal information. While a tedious process, you can attempt to opt-out of these sites. Several services help automate this process (though they often come with a fee).

The Future of Healthcare Data Privacy

This incident is a wake-up call. It highlights the need for stronger data privacy regulations in the healthcare sector and greater transparency from marketplaces and ad tech companies.

Several potential solutions are being discussed:

  • Expanding HIPAA Coverage: Extending HIPAA protections to cover state and federal marketplaces directly.
  • Stronger Federal Privacy Law: Passing a comprehensive federal data privacy law similar to the GDPR in Europe.
  • Increased Oversight: Giving regulatory agencies more power to oversee data sharing practices and enforce penalties for violations.
  • Data Minimization: Requiring marketplaces to collect only the data necessary to fulfill their functions, rather than gathering extensive personal information.
  • Improved Data Security Standards: Implementing stricter security standards for marketplaces and their contractors to protect sensitive data from breaches.

The fight for healthcare data privacy is far from over. As consumers, we need to demand greater protection of our personal information and hold those who mishandle it accountable. Staying informed, taking proactive steps to protect your data, and advocating for stronger regulations are crucial steps in safeguarding your financial security and privacy in the digital age.

Disclaimer: We may earn a commission when you click on or make a purchase through affiliate links in this article. This does not influence our editorial content, and we only recommend products and services we believe offer value to our readers. We are committed to providing accurate and unbiased information.

Filed under: healthcare data privacy · data breach · ad tech · healthcare marketplaces · financial security · consumer privacy